package com.yociyy.security.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

import com.yociyy.security.authorize.AuthorizeConfigManager;

import lombok.AllArgsConstructor;

/**
 * 默认资源服务配置类
 * 
 * @author: YoCiyy
 * @date: 2020/6/30
 */
@AllArgsConstructor
public class YoCiResourceServerConfig extends ResourceServerConfigurerAdapter {

	private final TokenStore tokenStore;

	private final AuthorizeConfigManager authorizeConfigManager;

	private final AccessDeniedHandler yociAccessDeniedHandler;

	private final AuthenticationEntryPoint yociAuthenticationEntryPoint;

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
		resources
				.tokenStore(tokenStore)
				.stateless(true)
				.accessDeniedHandler(yociAccessDeniedHandler)
				.authenticationEntryPoint(yociAuthenticationEntryPoint);
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {

		http
				// 关闭iframe嵌入页面拦截，方式前端iframe弹窗无法加载问题
				.headers().frameOptions().disable()
				// 关闭csrf安全拦截，采取第三方手段规避此类问题
				.and()
				.csrf().disable();

		authorizeConfigManager.config(http.authorizeRequests());

		// ExpressionUrlAuthorizationConfigurer<HttpSecurity>
		// .ExpressionInterceptUrlRegistry config = http
		// .authorizeRequests();
		//
		// securityProperties.getIgnore().getUrls().forEach(url -> config.antMatchers(url).permitAll());
		//
		// config
		// .anyRequest().authenticated()
		// // 关闭iframe嵌入页面拦截，方式前端iframe弹窗无法加载问题
		// .and()
		// .headers().frameOptions().disable()
		// // 关闭csrf安全拦截，采取第三方手段规避此类问题
		// .and()
		// .csrf().disable();
	}
}
